The Busan Metropolitan Police Agency arrested a suspect involved in the trade of personal information of more than 12 million people, according to a police statement on Tuesday.

The police arrested one suspect who sold personal information, and booked 17 buyers without detention.

The suspect allegedly bought personal information from illegal distribution dealers in China and used it for marketing credit brokerage and mobile telecom services, the police said.

Among the leaked personal information, 4.2 million were from mobile carriers, 1 million from financial organizations and 1.8 million from travel agencies.

“As for telecoms, the information kept in handset shops appeared to be hacked,” said Kim Byung-rok, head of Busan Police’s cyber team.

“The investigation is ongoing in collaboration with the International Criminal Police Organization to seek the offenders, who illegally hacked and distributed the personal information,” Kim said.

The police said they collected some of the information that was leaked, such as resident registration numbers, telephone numbers, addresses and bank accounts.

Experts say the main cause was negligence on the part of handset shops where clients’ personal information is stored and often sold to illegal distributors.

“It is not difficult for the stores to exploit personal information for marketing purposes or illegal telemarketing,” sources said.

“We plan to force telecom operators to take up bigger roles in keeping handset shops in line,” said Lim Jong-cheol, a government official at the Korea Communications Commission’s privacy protection and ethics division.

In terms of the number of data breaches, LG Uplus topped the list with 2.5 million, followed by SK Broadband with 1.5 million and KT 76,000 SK Telecom also suffered a minor breach.

“We will make efforts to help smartphone shops better manage clients’ personal information down the road,” an LG Uplus spokesperson said.

This is surprising news to many Koreans as it has been only a week since the police agency arrested hackers in connection with the theft of 12 million KT customers’ personal information.

Experts say the security issues continue as the awareness of security has not been rooted in the nation.

“While hackers are developing more sophisticated methods to steal lucrative personal information, companies, that could protect it do not realize the seriousness of security,” said Im Jong-in, a professor at Korea University’s graduate school of information security.

“Both the private and public sectors should show continued willingness and interest for safer information management.”